Summary of ThreatWire Video

The video discusses recent cybersecurity threats and updates, including a newly patched zero-day vulnerability in the Chromium browser, malicious npm packages targeting Roblox developers, and changes to the Offensive Security Certified Professional certification.

Key Points

• A new Chromium zero-day vulnerability (CVE-2024-7971) was patched on August 21, 2024, identified as a type confusion issue in the V8 JavaScript engine.
• The exploitation of this vulnerability is attributed to a North Korean threat actor known as Citrine Sleet, targeting cryptocurrency communities.
• Exploits included remote code execution leading to a sandbox escape and deployment of a FUD rootkit to evade detection.
• Microsoft has released updates for both the zero-day and a Windows kernel vulnerability (CVE-2024-38106).
• The Offensive Security Certified Professional (OSP) certification will introduce a “Plus” modifier effective November 1, 2024, to indicate recency and will expire after three years.
• Malicious npm packages have been discovered targeting Roblox developers through techniques like typo-squatting and brand jacking, compromising systems and stealing credentials.
• Roblox, with its large active user base, remains an attractive target for such malicious activities.

Youtube Video: https://www.youtube.com/watch?v=6SAxzHCBOQ8
Youtube Channel: Hak5
Video Published: 2024-09-04T16:00:04+00:00